Canadian firms paying ‘significantly’ more in ransomware attacks: data

globalnews.ca:

Canadian companies are now paying more than $1 million in ransomware attacks, according to a new study.

The report, from cybersecurity firm Palo Alto Networks and the Angus Reid Institute, a polling firm, found that slightly fewer Canadian businesses reported receiving ransomware attacks, but those that did saw more expensive demands and were forced to pay more money.

“The average ransom paid has increased significantly to more than $1.130 million CAD (in 2023) – an increase of almost 150% in two years,” it states. “Additionally, the average ransom demanded saw a steep rise of 102% to C$906,115 in 2023 up from C$449,868 in 2021.”

The report polled 1,000 companies with more than 100 employees.

Manufacturing, construction and healthcare and pharmacy companies are targeted most, the report states.

Natalia Stakhanova holds the Canada Research Chair in security and privacy. She told Global News the reports’ findings aren’t surprising.

She said hackers are likely asking for more money because it costs them the same to blackmail a small company as it does a large company, and because things are getting more expensive.

“We’re all seeing inflation at the grocery store. So I think it’s quite natural to see the the increase in the ransom numbers,” she said, speaking from Saskatoon.

She said manufacturing companies could be targeted most because some have “bigger pockets.”

Ransomware, she said is “a new version of an extortion attack,” when hackers can either steal or encrypt data on a computer, only releasing the files after getting paid.

The report found that only 35 per cent of businesses paid the ransom in 2023, compared to 45 per cent in 2021 and that the overall amount of businesses reporting ransomware attacks fell to 35 per